Credit Card News

Consumers who use mobile banking might be interested to find that no less than six federal regulators recently teamed up to make accounts managed by mobile banking more secure.

New regulations from the Federal Financial Institutions Examination Council (FFIEC) mean that banks will be required to take extra measures to ensure that the person logging into your account is actually you and not a thief. Banks are required to apply all of the same anti-fraud measures used for their online banking websites to mobile devices. The new regulations also contain descriptions of the big risks inherent to any mobile or online bank transaction.

The FFIEC has the huge task of making sure rules passed by all federal bank regulators mesh with each other. This includes rules regarding various areas of financial topics including credit cards, mortgages and other financial products and services. In this particular case, the FFIEC had to coordinate six different agencies which monitor banks, credit unions, Wall Street investment houses and various other financial institutions who all have their own requirements and ideas about protecting consumers from fraud.

the guidance really raises the bar in terms of the exceptions regulators have for banks in terms of protecting consumers and businesses from fraud.

The FFIEC ruling updates the rules set in 2005 to regulate online transactions which require financial institutions to regularly review and update their fraud monitoring procedures. Banks are also required to employ multiple different methods of verifying account holder identities during higher risk transactions.

The FFIEC defines all “electronic transactions involving access to customer information or the movement of funds to other parties.” This means that all mobile or online transactions are considered as high risk because they require some access to customer details. The regulators have finally confirmed what financial experts and consumer advocates have been saying for several years: if important information is being exchanged, someone will figure out a way to steal it!

According to the new regulations,

Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security.

This means that under new guidelines, banks cannot rely on their old methods of authentication. Instead, they will need to use layers of identity authentication at the various stages of online and mobile banking process. Consumers will follow one procedure for logging into the account, then have to complete a different process to authorize a payment or funds transfer.